Is there any risk when enabling CMD.exe in Applocker?

Nelson Mauricio Zamudio Arias 21 Reputation points
2021-04-08T17:20:43.503+00:00

Hello everyone.
We have a Mysql application called MYSQLDUMP that works to export information from MYsql databases, this program needs to use cmd.exe, but the applocker blocks it.
Is there any risk if we enable said CMD.exe?
Thanks for the help.

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,740 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,301 Reputation points Microsoft Vendor
    2021-04-09T01:20:13.447+00:00

    Hi,
    CMD can be used safely for users.
    Users can only run commands with their permission.
    If user run some command to change or write date on the clients without rights, they will encounter access denied error or there will be an elevation prompt for standard users.
    Make sure the UAC was enabled and you can set policy: User Account Control: Behavior of the elevation prompt for standard users to the following settings:
    86003-4091.jpg
    86004-4092.jpg
    You can restrict the permissions for users on the clients or resource.

    Best Regards,

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Vadims Podāns 9,111 Reputation points MVP
    2021-04-08T17:28:05.523+00:00

    No, there are no risks with CMD, it is Windows component and safe to run.